[VIM] membrepass PHP execution issue probably isn't file inclusion
Steven M. Christey
coley at mitre.org
Fri Sep 1 16:05:17 EDT 2006
BUGTRAQ:20060831 Membrepass v1.5 Php code execution, Xss, Sql Injection

This is being referred to as file inclusion by some people, but it's
what CVE is calling "direct static code injection" (though I'll
probably drop the "direct" soon).

That's the term we use for when a product accepts user input and
inserts it directly into an executable PHP file that the product uses,
normally for configuration variables.

The relevant exploit from the original disclosure is:

DATA ainfo="; $cmd = $_GET['cmd']; system($cmd); exit;

The ainfo parameter isn't getting a URL, so that should be a tip that
it's not file inclusion.

Then you have a direct request:

... which is probably the file that the code is being inserted into.
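
The pattern described in the message above, as an added example that is not part of the original post and is not Membrepass code: a hypothetical config writer that pastes a value into generated PHP source, the same writer using var_export(), and a tokenizer check that the generated file holds exactly one string assignment. The function names and the benign sample value are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not taken from Membrepass.

// Weak pattern: the value is pasted between double quotes in generated PHP
// source, so a quote in the value ends the literal and the rest becomes code.
function render_config_unsafe(string $ainfo): string
{
    return "<?php\n\$ainfo = \"" . $ainfo . "\";\n";
}

// Hardened pattern: var_export() emits an escaped single-quoted PHP literal,
// so the value stays data and is never interpolated.
function render_config_safe(string $ainfo): string
{
    return "<?php\n\$ainfo = " . var_export($ainfo, true) . ";\n";
}

// Defensive check before writing the file: tokenize the generated source and
// require exactly `$var = 'constant string';` and nothing else.
function is_single_string_assignment(string $source): bool
{
    $seen = [];
    foreach (token_get_all($source) as $tok) {
        $id = is_array($tok) ? $tok[0] : $tok;
        if ($id === T_OPEN_TAG || $id === T_WHITESPACE) {
            continue; // layout only, carries no statements
        }
        $seen[] = $id;
    }
    return $seen === [T_VARIABLE, '=', T_CONSTANT_ENCAPSED_STRING, ';'];
}

// Constructed, benign sample value containing a double quote.
$sample = 'a"; $injected = true; //';

foreach (['unsafe' => 'render_config_unsafe', 'safe' => 'render_config_safe'] as $name => $fn) {
    $source = $fn($sample);
    printf("%-6s single string assignment: %s\n", $name,
        is_single_string_assignment($source) ? 'yes' : 'no');
}
```

The check fails closed: any generated file that tokenizes to more than one assignment of a constant string is rejected instead of written.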